Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:36

General

  • Target

    36faa0694618e2199e63379197481860_NeikiAnalytics.exe

  • Size

    118KB

  • MD5

    36faa0694618e2199e63379197481860

  • SHA1

    2001c20e6c9c5713292ddfa108312550e32c607a

  • SHA256

    c16e290fddb1a1d05ab9c4e9ac55ba79ccb577081cde659082316ac6993445f0

  • SHA512

    1274ed9b1bd7972d2baad3785a77beefc58f1e8f8d9bd805224f417c6bd5596eb0e6966a6e6365dc5e71d7119f6e369c5aff144c10eaff5ea866d5e7ff4973f6

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hflik:hfAIuZAIuYSMjoqtMHfhflixih

Score
9/10

Malware Config

Signatures

  • Renames multiple (3456) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\36faa0694618e2199e63379197481860_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\36faa0694618e2199e63379197481860_NeikiAnalytics.exe"
    PID: 948
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

    Filesize

    118KB

    MD5

    ffbfac208b6c656ae5fc1a4c6fdd26fe

    SHA1

    e023915723a7d51822fc6ace76b827f6cb44b969

    SHA256

    b850aaf80dd725c79446a934f2999c245e6d63e064e3f9fc78a8385a8a58fa71

    SHA512

    006302e37415fdaefddc601ffad0f6b531e4d0ab7a6c6e44a29df3fdb62054ded4825ffeb932e502fef9b351874c878d6c4d2ab041a7d7c7fd0a7a3cf41e0005

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    127KB

    MD5

    e9bc7469bbb97f09593224ccb570c114

    SHA1

    d5a8a0093e586f1d92bd93e2bfd5b7b88bf16bbb

    SHA256

    513a0ecfbbbca3c53924822dc92ad969c80e5af267f511523fdccaa4e8463324

    SHA512

    c90a4c8c424e88b2d1ee1f79e300dfca4b4ac2fc128cbe06edaf241051ee211936ad1c9ccaa9803ebc4ac64694fb3b223c04cd6e78e2bdf33076f4dac84be5ac

  • memory/948-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/948-86-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB